User Phish Alerts
Phish Alerts come from the use of the Outlook Report a Phish (or alternative). This is a configuration made by admins on the email provider used by their companies. If you want to learn how to configure the Report a Phish for Outlook click here.
Once the RAP (Report a Phish) has been configured, all users from that company will be able to report a suspicious phishing email by clicking on that button. We call this reporting action as "Phish Alerts".
If you're an admin of a Company on Symbol, you'll be able to see all the reports made by your users by navigating to the left sidebar of your Company and clicking on Reports > Phishing Alerts. It will display a list of all the alerts sorted by date/time.
There are multiple types of alerts:
- Simulation (it appears when the email reported is part of a Symbol phishing campaign).
- Suspected Phish (it means that the reported email is not part of a phishing campaign and could be a potential phish email).
- Internal (It means that the user reported one of the internal emails delivered by Symbol Security, it could be for example a training assignment email, which is not phish attempt).
However, the admin could change the category of suspected phish to be:
-
Malicious: Most severe designation for a suspect phish email.
-
Spam: Spam emails that could be suspect.
-
Normal: An email that is not a Symbol phishing email or a suspected phish.
When looking at the details of any alert, admins could see information like:
- Report Date/Time
- Subject Message
- Sender Name
- Email Provider
- User Who reported the phish
If the reported email is part of a phishing campaign admins will be able to jump into the phishing template and if the reported email is a suspected phish they will be able to download a .txt with the content of the email.